ABSTRACT



Data is encrypted for transmission over non-secure communication channels by providing data with a header and a trailer portion containing the full information as to the sender and recipient of the data so as to form a data packet, encrypting the data packet, and providing a further header and trailer portion to form a further data packet. The further header and trailer only contain information identifying the entry and exit nodes at which the further data packet enters and leaves the non-secure network. On arrival at the exit node the further data packet can be decrypted to reconstruct the original packet, which is then conveyed to its destination via a local secure network. Padding the non-secure network with dummy messages makes it impossible to identify the presence of genuine traffic between particular nodes of the non-secure network. Thus secure data may be sent via commercial non-secure packet switching networks without indicating its presence.

16 Claims, 7 Drawing Sheets 
DATA COMMUNICATION SYSTEM USING ENCRYPTED DATA PACKETS

This invention relates to data transmission systems, in particular secure data transmission systems in which data is encrypted for transmission over a non-secure data transmission network such as a packet switching network.

In this specification, the word "data" encompasses digitally-encoded information of any type. It includes, but is not restricted to, alpha-numeric data such as ASCII; video; teletext; facsimile; speech; and digitally-encoded analogue signals, e.g. telemetry.

In this specification, the word "crypto" has been used as an abbreviation for "encryption device".

As is known to those skilled in the art, in order to transmit data over a packet switching network it is necessary to produce a packet comprising a header portion, a data portion containing data to be transmitted, and a trailer portion. The header portion contains information identifying the destination of the packet, and may contain such additional information as is permitted by the packet switching network protocols, such as call redirection and ringback facilities. Where the data to be transmitted needs to be kept secure, it would be possible to encrypt the data per se; however, it would not be possible to encrypt the header and trailer data, as the packet switching network needs this header and trailer data to allow it to deliver the packet to the correct destination. In certain cases it would be undesirable for any information identifying the originator and/or recipient of the data to be transmitted over non-secure channels. The present invention arose from an attempt to overcome or mitigate these problems.

According to the invention, apparatus for encrypting data for transmission over a communications network comprises: means for generating a first packet comprising a header portion, an information-containing portion and a trailer portion; means for encrypting the first packet; and means for generating a second packet comprising a further header portion, the encrypted first packet, and a further trailer portion.

According to a further aspect of the invention, a communication system is provided in which data is encoded by such apparatus prior to being transmitted.

In encrypting the first packet, the information-carrying portion may be encrypted separately from the header portion and trailer portion.

The system may comprise a plurality of subscribers connected by a communications network via a plurality of nodes, at least one subscriber being associated with each node. Each node may include means for encrypting data in the manner referred to in the two preceding paragraphs for transmission to another node, and means for decrypting data for transmission to an associated subscriber.

The further header portion need only contain data relating to the encrypting and the decrypting nodes. At least one node may allow communication between a pair of subscribers connected to that node. This avoids the need for those subscribers to use the non-secure communications network when communicating with each other. The header portion may contain information relating to the destination subscriber address. The header portion may also contain other information such as ring-back, or redirect calls, or the security classification of the data. In at least one node the means for decrypting data may comprise a crypto bypass. The bypass may be used for non-secure traffic.

At least one node may comprise a respective encryption device for communication between that node and each respective other node. This allows that node to communicate directly with all other nodes, each node having its own code. At least one node may comprise a respective encryption device for communication between that node and at least one respective group of other nodes.

At least one node may comprise means for padding the traffic with dummy information. This ensures that the node is busy at all times, making it difficult to detect when genuine secure traffic is being conveyed.

At least one node may function as an exchange node so that traffic between nodes has to pass via at least one exchange node. This can reduce the number of cryptos required.

According to another aspect of the invention there is provided apparatus for decrypting a packet received from a communications network, the packet comprising an unencrypted first header portion, an encrypted first data portion, and an unencrypted trailer portion, the encrypted first data portion comprising an encrypted further packet comprising an encrypted second header portion, an encrypted second data portion and an encrypted second trailer portion, the apparatus comprising means to decrypt the encrypted further packet to produce an unencrypted further packet, the unencrypted further packet comprising the unencrypted second header portion, the unencrypted second data portion, and the unencrypted second trailer portion.

According to yet another aspect of the invention, a method of encrypting data for transmission over a communications network comprises the steps of:

(a) generating a first packet comprising a header portion, an information-containing portion and a trailer portion;

(b) encrypting the first packet;

(c) generating a second packet comprising a further header portion, the encrypted first packet, and a further trailer portion.

According to a still further aspect of the invention there is provided a method of decrypting a packet received from a communications network, the packet comprising an unencrypted first header portion, an encrypted first data portion, and an unencrypted trailer portion, the encrypted first data portion comprising an encrypted further packet comprising an encrypted second header portion, an encrypted second data portion and an encrypted second trailer portion, the method comprising the steps of:

(a) extracting the encrypted first data portion from the packet to obtain the encrypted further data packet;

(b) decrypting the encrypted further data packet;

(c) generating a decrypted further packet comprising the unencrypted second header portion, the unencrypted second data portion, and the unencrypted second trailer portion.
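Steps (a) to (c) of the encrypting method and of the decrypting method, carried through as an added Python example that is not part of the patent: the inner packet carries the sender and recipient end-system addresses, is encrypted whole, and is wrapped in an outer packet whose clear header and trailer carry only the entry and exit site addresses; a dummy packet of identical outer shape stands in for the traffic padding the text describes. The field layouts, the stand-in cipher (SHA-256 keystream with an HMAC-SHA256 tag), the dummy flag and the demo key are constructed assumptions, not anything the patent specifies.

```python
# Added example, not the patent's own design: field layouts, the stand-in cipher,
# the dummy flag and the key below are constructed for illustration only.
import hashlib
import hmac
import os
import struct

INNER_HDR = ">HHBH"   # sender ESA, recipient ESA, kind, payload length
OUTER_HDR = ">HHH"    # entry SA, exit SA, length of the encrypted inner packet
KIND_DATA, KIND_DUMMY = 0, 1
NONCE_LEN, TAG_LEN = 12, 32

# Constructed demo key shared by the cryptos of node 1 and node 2.
DEMO_KEY = hashlib.sha256(b"constructed demo key: node 1 <-> node 2").digest()

def _trailer(body: bytes) -> bytes:
    """4-byte check value standing in for the network's trailer (T / T')."""
    return hashlib.sha256(body).digest()[:4]

def build_inner(sender_esa, recipient_esa, payload, kind=KIND_DATA) -> bytes:
    """H + D + T: the private packet that identifies sender and recipient."""
    body = struct.pack(INNER_HDR, sender_esa, recipient_esa, kind, len(payload)) + payload
    return body + _trailer(body)

def parse_inner(packet: bytes):
    hlen = struct.calcsize(INNER_HDR)
    sender, recipient, kind, plen = struct.unpack(INNER_HDR, packet[:hlen])
    if packet[hlen + plen:] != _trailer(packet[:hlen + plen]):
        raise ValueError("inner trailer check failed")
    return sender, recipient, kind, packet[hlen:hlen + plen]

def _keystream(key, nonce, length) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext) -> bytes:
    """Encrypt-then-MAC stand-in for the crypto: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or packet altered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_outer(entry_sa, exit_sa, enc_inner) -> bytes:
    """H' + encrypted inner packet + T': only entry and exit site addresses in clear."""
    body = struct.pack(OUTER_HDR, entry_sa, exit_sa, len(enc_inner)) + enc_inner
    return body + _trailer(body)

def parse_outer(packet: bytes):
    hlen = struct.calcsize(OUTER_HDR)
    entry_sa, exit_sa, elen = struct.unpack(OUTER_HDR, packet[:hlen])
    if packet[hlen + elen:] != _trailer(packet[:hlen + elen]):
        raise ValueError("outer trailer check failed")
    return entry_sa, exit_sa, packet[hlen:hlen + elen]

def encapsulate(key, entry_sa, exit_sa, sender_esa, recipient_esa, payload, kind=KIND_DATA):
    """Entry node, steps (a)-(c) of the encrypting method."""
    inner = build_inner(sender_esa, recipient_esa, payload, kind)
    return build_outer(entry_sa, exit_sa, encrypt(key, inner))

def decapsulate(key, outer):
    """Exit node, steps (a)-(c) of the decrypting method -> (sender, recipient, kind, payload)."""
    _entry_sa, _exit_sa, enc_inner = parse_outer(outer)
    return parse_inner(decrypt(key, enc_inner))

def make_dummy(key, entry_sa, exit_sa, payload_len) -> bytes:
    """Traffic padding: same outer shape and length as a genuine packet carrying
    payload_len bytes; only the exit node, after decrypting, sees KIND_DUMMY."""
    return encapsulate(key, entry_sa, exit_sa, 0, 0, os.urandom(payload_len), KIND_DUMMY)

def tamper_detected(key, outer, byte_index) -> bool:
    """Flip one bit of the encrypted inner packet in transit, recomputing the network
    trailer as a switch would, so that only the crypto's tag can catch the change."""
    entry_sa, exit_sa, enc_inner = parse_outer(outer)
    altered = bytearray(enc_inner)
    altered[byte_index] ^= 0x01
    try:
        decapsulate(key, build_outer(entry_sa, exit_sa, bytes(altered)))
    except ValueError:
        return True
    return False
```

Running `encapsulate(DEMO_KEY, 1, 2, 11, 26, b"...")` reproduces the subscriber 11 to subscriber 26 example of the description: an observer on the WAN reads only site addresses 1 and 2 from the outer packet, and a dummy of the same payload length is indistinguishable from it in clear.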

The invention will now be described in more detail 
with reference to the drawings in which: 

FIGS. 1(a), 1(b) and 1(c) show diagrams illustrating a 
method of data encryption in accordance with the in- 
vention; 

FIG. 2 shows a communication system in accordance 
with the invention; 
FIGS. 3 and 4 show part of FIG. 2 in more detail; 
FIG. 5 shows a first example of a secure site in accordance with the invention;

FIG. 6 shows a second example of a secure site in accordance with the invention;

FIG. 7 shows a third example of a secure site in accordance with the invention;

FIGS. 8a and 8b show an example of a secure site in accordance with the invention in more detail;

FIG. 9 shows diagrammatically four methods of selective encryption;

FIG. 10 shows a first method of selective encryption in accordance with the invention;

FIG. 11 shows a second method of selective encryption in accordance with the invention;

FIG. 12 shows a third method of selective encryption in accordance with the invention;

FIG. 13 shows a fourth method of selective encryption in accordance with the invention;

FIGS. 14a and 14b show diagrams illustrating methods of data encryption.

The same reference numerals have been used to denote the same features throughout the figures.

A method of encrypting data in accordance with the invention will now be described with reference to FIG. 1. FIG. 1(a) shows in diagrammatic form a data packet suitable for transmitting over a packet switching network. The packet consists of a header portion H, a data portion D, and a trailer portion T. The header portion H contains information identifying the sender of the data and the address of the subscriber to which the data is to be sent. It may also contain additional information such as call redirection etc. In order to make the whole of this information secure, the entire packet is encrypted. In FIG. 1(b), HE, DE, and TE represent the encrypted header, data, and trailer portions respectively. As all the information contained in the packet has been encrypted, the packet cannot now be sent over a conventional packet switching system as it stands, because the header information, being encrypted, cannot be understood by the conventional packet switching system. Accordingly this encrypted packet is provided with a further header and trailer, the further header and trailer containing sufficient information to allow the packet to be transmitted from the node at which encryption takes place to a further node at which decryption takes place. The final data packet is shown in FIG. 1(c), in which H' indicates the further header, T' indicates the further trailer, and HE, DE, and TE are as in FIG. 1(b).

FIG. 2 shows a data transmission system in accordance with the invention. Each site 1, 2, 3, 4 is a secure site. The sites are shown diagrammatically in FIG. 2. Each node includes the private MLS access control 202 and the private crypto 203, as well as the public X.25 addresses 204. A site is shown in greater detail in FIG. 3. The concentric circles in FIGS. 2 and 3 indicate the various features of the sites. Site 1 comprises a node N1 to which a number of subscribers 11, 12, 13, 14, 15, 16 are connected. The subscribers have their own private X.25 addresses 201. The node functions as an exchange which provides secure communications between any pair of its subscribers without necessarily requiring encryption. It also acts as an interface between the subscribers and a wide area network (WAN) to allow subscribers to communicate with subscribers in other secure sites via their respective nodes by encrypting data prior to transmitting it over the WAN. This is effected by encoding the data prior to transmission in the way described with reference to FIG. 1.

Say a subscriber 11 at site 1 wishes to communicate with subscriber 26 at site 2. A message sent from subscriber 11 arrives at node 1 and is converted into a data packet whose header contains, inter alia, information regarding the End System Address (ESA) of the recipient 26. This data packet is encrypted as described with reference to FIG. 1 to produce a further data packet having a clear (unencrypted) header and trailer. This header and trailer only contain Site Address (SA) information, i.e. information identifying the node 1 via which the packet enters the WAN, and the node 2 via which the packet leaves the WAN. On arrival at node 2, the packet is decrypted, and node 2 now forwards the data to the recipient subscriber 26. Should the packet be mis-routed or intercepted during its passage over the WAN, then its unintended recipient will only be able to identify the nodes at which the packet entered and left the WAN, and will not be able to identify the originator or recipient of the data. By ensuring that the system transmits dummy data between nodes in the absence of genuine traffic, an unauthorised recipient would not even be able to gain any useful information as to the amount of traffic passing between pairs of nodes.

In the arrangement shown, the provision of a number of alternative WANs provides a high degree of system reliability in that, should one WAN fail, then alternative routes are available via the other WANs. If different WANs have different price structures, it also allows the user to select the most economical route for any particular message.

FIG. 3 shows a secure site 300 in more detail. The blocks identified as 301 correspond to the nodes of FIG. 2 and allow a two-way flow of information between the private end-systems (subscribers) 1, 2, 3, 4, 5, 6 and the WANs. The optional selective crypto bypass 302 provides a direct route for information such as address and additional functions information which is required to be conveyed directly between the INTERFACE TO PUBLIC WANs 303 and the PRIVATE X.25 ROUTING & ACCESS CONTROL 305 without passing through the PRIVATE ENCRYPTION 304. Such a bypass will in practice only be implemented if it can be ensured that nothing but the address &c. information can be conveyed via the bypass. The Private Routing & Access Control serves to allow the end-systems to communicate with other end-systems at the same site as well as with end-systems at other sites.

FIG. 4 shows the same information as FIG. 3, but the concentric circles have been omitted for clarity.

FIG. 5 shows a first example of a secure site in greater detail. The WAN interface consists of a packet generator/switch which generates packets in a form suitable for transmission over any of WAN1-3, each of which consists of a packet switching network. The PRIVATE X.25 ROUTING & ACCESS CONTROL 305 may be implemented by a suitably programmed computer. A plurality of customer's encryption devices 501 are provided. Each device may serve only one link between the site and one other site, or a single device may be used for a group of two or more sites. Each private end-system (subscriber) 1, 2, 3, 4, 5, 6 has a different security rating. If desired, information concerning this rating may be included in the encrypted header data. Subscriber 1 is "secret high", subscriber 2 is "restricted high", subscriber 3 is "confidential", subscriber 4 is
"unclassified to secret (MLS)", subscriber 5 is "confidential to secret (MLS)", subscriber 6 is "top secret".

FIG. 6 shows a second example of a secure site in greater detail. This example includes a crypto bypass 602 for suitable unclassified interactive traffic. This traffic may comprise site address and facilities information. The bracketed functional blocks indicated by 600 may be implemented by a suitably programmed computer such as SCP2 CHESS.

FIG. 7 shows a third example of a secure site in greater detail. Encryption is performed in two stages. SELECTIVE ENCRYPTION 701 encrypts the data only. ROUTING & ACCESS CONTROL 702 performs the remaining tasks.

FIGS. 8a and 8b show a secure site in even greater detail. In the following, ESA denotes end system address, and SA denotes site address. The interface to public WANs 303 consists of a packet switch 801 and a packet generator 802. Private encryption Z is followed by site-by-site access control 803 comprising mandatory access control X.25 SA to X.25 SA, followed by private to public address conversion 804 converting between X.25 ESA and X.25 SA. End-system by end-system access control consists of discretionary access control 805 comprising X.25 ESA to X.25 ESA, and mandatory access control 806 comprising X.25 ESA to X.25 ESA. Traffic padding 810 is followed by individual end system connections 807 comprising MUX labelling. Blocks 805, 806, 807, 810 comprise a c.f. guard 808. To provide greater security, traffic padding 810 is provided to generate dummy messages in the absence of useful information. An audit trail A is generated for analysis of attempted breaches of security. It should be noted that block Z "private encryption" shown in FIG. 8a has been duplicated in FIG. 8b and that the site only has one such block.

FIG. 9 illustrates in diagrammatic form various methods of selective encryption in accordance with the invention, which methods are illustrated in detail in FIGS. 10-13.

91 denotes "without negotiable network facilities"

92 denotes "with negotiable network facilities"

93 denotes "separate crypto-pairs"

94 denotes "shared crypto"

95 denotes method 1

96 denotes method 2

97 denotes method 3

98 denotes method 4

FIGS. 10 to 13 each show one site, denoted site 1 in each case, of a system consisting of six sites.

FIG. 10 illustrates a site in accordance with method 1. Each inter-site link is allocated its own crypto. The cryptos are indicated by Z2 to Z6, Z2 being used for communication between sites 1 and 2, and so on. 101 is a packet switch exchange, 102 a packet generator, 103 is site address control, 104 address conversion, 110 are untrusted, 120 are trusted units. This has the advantage of having no crypto bypass and being more secure (chain block cypher). It has the disadvantage of requiring more crypto devices.

FIG. 11 illustrates a site in accordance with method 2. Only two cryptos are provided, Z2-3 being used for communication between site 1 and both sites 2 and 3, Z4-6 being used for communication between site 1 and the remaining sites. While this uses fewer cryptos, it does necessitate the provision of a crypto bypass for conveying the site address information. Packet generator 1102 may be either trusted or untrusted.

FIG. 12 illustrates a site in accordance with method 3. This is similar to FIG. 10 in that each inter-site link has its own crypto, but a crypto bypass 302 is provided for network facilities. Network facilities are available, but a large number of cryptos are needed and the crypto bypass has to be verified.

FIG. 13 illustrates a site in accordance with method 4. This is similar to FIG. 11, but the crypto bypass 302 conveys both site address and network facilities information. This uses fewer cryptos and network facilities are available, but the crypto bypass has to be verified.

FIG. 14 illustrates different types of selective encryption.

FIG. 14a illustrates encoding in which only the data portion D of a packet a1 is encoded to produce an encoded packet a2. This allows only minimal X.25 facilities.

FIG. 14b illustrates encoding in accordance with the invention. The whole of the packet b1 is encoded to produce a further packet b2 whose data portion DN is an encoded representation of the data portion DE of the original packet. This allows full X.25 packet switching protocol facilities.

In the arrangements described so far, any given node has been able to communicate directly with any other node. While this allows maximum system flexibility, it does suffer the disadvantage of requiring a large number of cryptos, and this number increases rapidly as more nodes are connected to the network. The number of cryptos can be considerably reduced by using a small number of nodes as exchanges, such that communication between nodes has to be routed via one or more of these exchange nodes. It is then only necessary to provide each node with a crypto which will allow it to communicate with its exchange node or nodes. Thus in FIG. node 1 could be the designated exchange node, and all secure traffic between nodes 2, 3 and 4 would be routed via node 1. Alternatively nodes 1 and 2 could be designated exchange nodes, so that direct secure communication between nodes 3 and 4 was not possible. However, nodes 3 and 4 could communicate either via node 1 or via node 2, or indeed via both node 1 and node 2. This would allow an increased degree of flexibility and reliability over a single exchange system, as the system could still function in the event of failure of one of the exchange nodes. Provision could be made to permit non-secure traffic to be routed directly between nodes rather than passing via a secure traffic exchange node.

Management facilities available in conjunction with the invention include:

setting access control permissions, archiving audit trails;

choice of central facility with local fallback;

local facility mandated for some users or sites;

central facility collates user directory except 'ex-directory' users or sites;

choice of several central facilities for survivability;

independent survivable central facilities for each sub-group of sites;

CHESS management data/commands use main data network (preserving 'trusted path').

Arrangements in accordance with the invention may be implemented with the use of suitably programmed secure computers such as SCP2 CHESS to effect the necessary encoding and decoding. This is particularly advantageous, as it facilitates subsequent reconfiguration of the system, for example, to accommodate additional sites and additional facilities. It provides a secure
communication link between sites over existing non-secure communications networks, thereby avoiding the need for, and expense of, a discrete dedicated secure network, and allows all the encryption and decrypting arrangements to be located on-site.

The invention may be used in any application, including business and military communications, in which it is essential that information be securely and reliably transmitted between sites.

The invention may be used in conjunction with single-level, system high, or multi-level end systems. Systems in accordance with the invention may be certified to recognized assurance levels.

While the invention has been described with reference to the embodiments shown in the drawings, it is not restricted to the particular embodiments shown. For example, although communication between sites is described as being possible via one of a plurality of WANs, it is only necessary that at least one WAN be present. Further, communications networks other than WANs may be used, for example LANs or broadcast communications networks. Further, the invention is not restricted to communication using packet switching networks, but can be used with any other communication system in which information to be conveyed is associated with information indicating the destination and/or origin of the information. Further, while the clear header has been described as containing only site address information, it may be possible in some circumstances to include additional information. Further, while the header has been described as containing site address information and possibly additional information, at least some of this information could be contained in the trailer. Further, while methods in accordance with the invention have been described as a sequence of steps, at least some of these steps may be performed simultaneously rather than sequentially.

Further, it may not be necessary for every data packet of a transmission to be provided with information regarding the entry and exit nodes of the communications network and the sender and the recipient of the data. It may only be necessary for the initial packet or packets of the transmission to contain the routing information necessary to establish a communications link between subscribers. Once the link has been established, some or all of this routing information can be omitted from subsequent packets conveyed over the link so established for the duration of the transmission.

I claim:

1. Apparatus for encrypting data for transmission over a communications network comprising:

means for generating a first packet comprising a header portion, an information-containing portion and a trailer portion;

means for encrypting the first packet; and

means for generating a second packet comprising a further header portion, the encrypted first packet, and a further trailer portion.

2. Apparatus as claimed in claim 1 in which the means for encrypting the first packet encrypts the information-containing portion separately from the header portion and trailer portion.

3. A communications system comprising a plurality of subscribers connected by a communications network via a plurality of nodes, at least one subscriber being associated with each node; each node including apparatus for encrypting data as claimed in claim 1 for transmission to another node and means for decrypting data for transmission to an associated subscriber.

4. A system as claimed in claim 3 in which the further header portion contains data relating to the encrypting and the decrypting nodes.

5. A system as claimed in claim 3 in which at least one node also allows communication between a pair of subscribers connected to that node.

6. A system as claimed in claim 3 in which the header portion contains information relating to the destination subscriber address.

7. A system as claimed in claim 6 in which the header portion also contains other information.

8. A system as claimed in claim 3 in which for at least one node the means for decrypting data comprises a crypto bypass.

9. A system as claimed in claim 3 in which at least one node comprises a respective encryption device for communication between the one node and each respective other node.

10. A system as claimed in claim 3 in which at least one node comprises a respective encryption device for communication between the one node and at least one respective group of other nodes.

11. A system as claimed in claim 3 in which at least one node comprises traffic padding means.

12. A system as claimed in claim 3 in which at least one node functions as an exchange node such that encrypted traffic between nodes is routed via at least one exchange node.

13. Apparatus for decrypting a packet received from a communications network, the packet comprising an unencrypted first header portion, an encrypted first data portion, and an unencrypted trailer portion, the encrypted first data portion comprising an encrypted further packet comprising an encrypted second header portion, an encrypted second data portion and an encrypted second trailer portion, the apparatus comprising means to decrypt the encrypted further packet to produce an unencrypted further packet, the unencrypted further packet comprising the unencrypted second header portion, the unencrypted second data portion, and the unencrypted second trailer portion.

14. A method of encrypting data for transmission over a communications network comprising the steps of:

(a) generating a first packet comprising a header portion, an information-containing portion and a trailer portion;

(b) encrypting the first packet;

(c) generating a second packet comprising a further header portion, the encrypted first packet, and a further trailer portion.

15. A method as claimed in claim 14 in which in step (b) the information-containing portion is encrypted separately from the header portion and trailer portion.

16. A method of decrypting a packet received from a communications network, the packet comprising an unencrypted first header portion, an encrypted first data portion, and an unencrypted trailer portion, the encrypted first data portion comprising an encrypted further packet comprising an encrypted second header portion, an encrypted second data portion and an encrypted second trailer portion, the method comprising the steps of:

(a) extracting the encrypted first data portion from the packet to obtain the encrypted further data packet;

(b) decrypting the encrypted further data packet;

(c) generating a decrypted further packet comprising the unencrypted second header portion, the unencrypted second data portion, and the unencrypted second trailer portion.

* * * * *